Date:      Mon, 04 Jun 2001 17:32:37 +0700
From:      "tinnakorn kunasit" <tinnakorn2000@hotmail.com>
To:        freebsd-questions@FreeBSD.ORG
Subject:   ipfirewall
Message-ID:  <F38hNPPzQT456UnHAaa00015074@hotmail.com>

<html><DIV>
<DIV>Dear sir,</DIV>
<DIV>I have installed FreeBSD 4.2 but cannot set up the firewall.</DIV>
<DIV>My system has 2 network cards:</DIV>
<PRE>
rl0 203.151.42.62
rl1 10.0.0.1
</PRE>
<DIV>I want to make IP masquerading forward IP from inside (rl1) to outside (rl0). How can I make it work?</DIV>
<DIV>I tried to set:</DIV>
<DIV>1. Add options for ipfirewall and recompile the kernel:</DIV>
<PRE>
options IPFIREWALL
options IPDIVERT
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPFIREWALL_DEFAULT_TO_ACCEPT
</PRE>
<DIV>2. In /etc/service:</DIV>
<PRE>
natd    6668/divert
</PRE>
<DIV>3. Enable the firewall lines in /etc/rc.conf:</DIV>
<PRE>
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
</PRE>
<DIV>4. Edit the file /etc/rc.firewall:</DIV>
<PRE>
/sbin/ipfw -f flush
/sbin/ipfw -q add 100 pass all from any to any via lo0
/sbin/ipfw -q add 200 pass all from any to 127.0.0.0/8
/sbin/ipfw -q add 300 pass all from any to any

/sbin/sysctl -n -w net.inet.ip.forwarding=1
/sbin/natd -l -d auth -m -u -n rl1 -dynamic
/sbin/ipfw add divert natd all from any to any out
/sbin/ipfw add divert natd all from any to any in
</PRE>
<DIV>But I cannot ping from inside to outside.</DIV>
<DIV>From the command</DIV>
<PRE>
/sbin/ipchains -A forward -s 10.0.0.0/8 -d 0.0.0.0/0 -j MASQ
</PRE>
<DIV>how do I change it to ipfw?</DIV>
<DIV>Thank you,</DIV>
<DIV>Tinnakorn</DIV>
<DIV>FreeBSD user</DIV>
</DIV></html>
